A couple of days ago I had to review an agreement on cloud computing services that one of the major suppliers in this realm had submitted. When I went through the terms and conditions, I could not gain the impression that the supplier had great confidence in its capability to deliver the service in question. I found some of the terms so onerous that I had to consider a strategy to protect my client from getting electrocuted in that supplier’s cloud!
Having thought that sharing some tips on the Reguligence Weblog would be of interest to its readers, I have composed the following list:
1. Service Availability
This agreement reminded me of a telecommunications contract: the supplier basically grants the recipient access to its infrastructure environment and the recipient pays a use-based fee in return.
However, the supplier offers its service on an “as-is” basis and does not warrant any specific availability or quality.
Hence, you should not go for it if you intend to run a mission-critical system in the cloud or your business requires reliable service performance. You can either endeavour to negotiate different terms or opt for a specifically tailored solution. In both cases the payments are very likely to increase. If you re-sell your services, you should endeavour to limit your liability towards your recipients.
As mentioned at the beginning of the article, the service supplier does not seem confident in its service capabilities. The supplier merely warrants to perform the service with reasonable care and workmanship. Should you accept it? Well, unless your business model mandates otherwise… You could also suggest discretionary payment language, something like “payment shall be subject to recipient’s overall satisfaction”, and wait for the supplier’s reaction.
What damage are you likely to suffer during such a service delivery? Hmm, maybe loss of data and loss of profit due to a service interruption or an outage? Yes, I guess they are the likeliest to occur, but I feel you can already assume that they are – what? – excluded, what else?
So, make sure you have not entered into an obligation to compensate your customers for such losses because this could ruin your business!
4. Data Security
From what I read, I would never encourage you to upload sensitive data onto the cloud… Again, your supplier is liable neither to keep them secret and confidential nor to retrieve them if they happen to disappear.
5. Data Protection
Although this is the last topic on my list, it is very wise to pay special attention to it because data protection may be a very tricky issue under the jurisdiction of an EU member state. Beware if you have to upload personal data onto the cloud – your supplier has access to them and is eager to process them for its own purposes! And this is the catch: personal data must be obtained and processed only for a specified purpose. I bet your purpose will differ from that of your supplier. Besides, as a general rule, personal data must not be transferred outside the European Economic Area, so make sure you have read and understood your cloud services agreement or process previously anonymized data only.
My Final Say
Cloud services may be a great thing if you need a specific infrastructure whose purchase for a single project would not pay off.
On the other hand, cloud services agreements seem to be too supplier-oriented and, as a matter of fact, detrimental to the recipient.
Make sure you do not use cloud services to run mission-critical tasks, at least not before you have spoken with your trusted lawyer!
Questions, suggestions, opinions? Just use the comment function below.